4
require 'puppet/ssl/certificate_authority'
6
shared_examples_for "a normal interface method" do
7
it "should call the method on the CA for each host specified if an array was provided" do
8
@ca.expects(@method).with("host1")
9
@ca.expects(@method).with("host2")
11
@applier = Puppet::SSL::CertificateAuthority::Interface.new(@method, :to => %w{host1 host2})
16
it "should call the method on the CA for all existing certificates if :all was provided" do
17
@ca.expects(:list).returns %w{host1 host2}
19
@ca.expects(@method).with("host1")
20
@ca.expects(@method).with("host2")
22
@applier = Puppet::SSL::CertificateAuthority::Interface.new(@method, :to => :all)
28
describe Puppet::SSL::CertificateAuthority::Interface do
30
@class = Puppet::SSL::CertificateAuthority::Interface
32
describe "when initializing" do
33
it "should set its method using its settor" do
34
@class.any_instance.expects(:method=).with(:generate)
35
@class.new(:generate, :to => :all)
38
it "should set its subjects using the settor" do
39
@class.any_instance.expects(:subjects=).with(:all)
40
@class.new(:generate, :to => :all)
43
it "should set the digest if given" do
44
interface = @class.new(:generate, :to => :all, :digest => :digest)
45
interface.digest.should == :digest
48
it "should set the digest to md5 if none given" do
49
interface = @class.new(:generate, :to => :all)
50
interface.digest.should == :MD5
54
describe "when setting the method" do
55
it "should set the method" do
56
@class.new(:generate, :to => :all).method.should == :generate
59
it "should fail if the method isn't a member of the INTERFACE_METHODS array" do
60
Puppet::SSL::CertificateAuthority::Interface::INTERFACE_METHODS.expects(:include?).with(:thing).returns false
62
lambda { @class.new(:thing, :to => :all) }.should raise_error(ArgumentError)
66
describe "when setting the subjects" do
67
it "should set the subjects" do
68
@class.new(:generate, :to => :all).subjects.should == :all
71
it "should fail if the subjects setting isn't :all or an array", :'fails_on_ruby_1.9.2' => true do
72
lambda { @class.new(:generate, "other") }.should raise_error(ArgumentError)
76
it "should have a method for triggering the application" do
77
@class.new(:generate, :to => :all).should respond_to(:apply)
80
describe "when applying" do
82
# We use a real object here, because :verify can't be stubbed, apparently.
86
it "should raise InterfaceErrors" do
87
@applier = @class.new(:revoke, :to => :all)
89
@ca.expects(:list).raises Puppet::SSL::CertificateAuthority::Interface::InterfaceError
91
lambda { @applier.apply(@ca) }.should raise_error(Puppet::SSL::CertificateAuthority::Interface::InterfaceError)
94
it "should log non-Interface failures rather than failing" do
95
@applier = @class.new(:revoke, :to => :all)
97
@ca.expects(:list).raises ArgumentError
101
lambda { @applier.apply(@ca) }.should_not raise_error
104
describe "with an empty array specified and the method is not list" do
106
@applier = @class.new(:sign, :to => [])
107
lambda { @applier.apply(@ca) }.should raise_error(ArgumentError)
111
describe ":generate" do
112
it "should fail if :all was specified" do
113
@applier = @class.new(:generate, :to => :all)
114
lambda { @applier.apply(@ca) }.should raise_error(ArgumentError)
117
it "should call :generate on the CA for each host specified" do
118
@applier = @class.new(:generate, :to => %w{host1 host2})
120
@ca.expects(:generate).with("host1")
121
@ca.expects(:generate).with("host2")
127
describe ":verify" do
128
before { @method = :verify }
129
#it_should_behave_like "a normal interface method"
131
it "should call the method on the CA for each host specified if an array was provided" do
132
# LAK:NOTE Mocha apparently doesn't allow you to mock :verify, but I'm confident this works in real life.
135
it "should call the method on the CA for all existing certificates if :all was provided" do
136
# LAK:NOTE Mocha apparently doesn't allow you to mock :verify, but I'm confident this works in real life.
140
describe ":destroy" do
141
before { @method = :destroy }
142
it_should_behave_like "a normal interface method"
145
describe ":revoke" do
146
before { @method = :revoke }
147
it_should_behave_like "a normal interface method"
151
describe "and an array of names was provided" do
153
@applier = @class.new(:sign, :to => %w{host1 host2})
156
it "should sign the specified waiting certificate requests" do
157
@ca.expects(:sign).with("host1")
158
@ca.expects(:sign).with("host2")
164
describe "and :all was provided" do
165
it "should sign all waiting certificate requests" do
166
@ca.stubs(:waiting?).returns(%w{cert1 cert2})
168
@ca.expects(:sign).with("cert1")
169
@ca.expects(:sign).with("cert2")
171
@applier = @class.new(:sign, :to => :all)
175
it "should fail if there are no waiting certificate requests" do
176
@ca.stubs(:waiting?).returns([])
178
@applier = @class.new(:sign, :to => :all)
179
lambda { @applier.apply(@ca) }.should raise_error(Puppet::SSL::CertificateAuthority::Interface::InterfaceError)
185
describe "and an empty array was provided" do
186
it "should print a string containing all certificate requests" do
187
@ca.expects(:waiting?).returns %w{host1 host2}
190
@applier = @class.new(:list, :to => [])
192
@applier.expects(:puts).with "host1\nhost2"
198
describe "and :all was provided" do
199
it "should print a string containing all certificate requests and certificates" do
200
@ca.expects(:waiting?).returns %w{host1 host2}
201
@ca.expects(:list).returns %w{host3 host4}
203
@ca.stubs(:fingerprint).returns "fingerprint"
204
@ca.expects(:verify).with("host3").raises(Puppet::SSL::CertificateAuthority::CertificateVerificationError.new(23), "certificate revoked")
206
@applier = @class.new(:list, :to => :all)
208
@applier.expects(:puts).with "host1 (fingerprint)"
209
@applier.expects(:puts).with "host2 (fingerprint)"
210
@applier.expects(:puts).with "- host3 (fingerprint) (certificate revoked)"
211
@applier.expects(:puts).with "+ host4 (fingerprint)"
217
describe "and :signed was provided" do
218
it "should print a string containing all signed certificate requests and certificates" do
219
@ca.expects(:list).returns %w{host1 host2}
221
@applier = @class.new(:list, :to => :signed)
227
describe "and an array of names was provided" do
228
it "should print a string of all named hosts that have a waiting request" do
229
@ca.expects(:waiting?).returns %w{host1 host2}
230
@ca.expects(:list).returns %w{host3 host4}
231
@ca.stubs(:fingerprint).returns "fingerprint"
234
@applier = @class.new(:list, :to => %w{host1 host2 host3 host4})
236
@applier.expects(:puts).with "host1 (fingerprint)"
237
@applier.expects(:puts).with "host2 (fingerprint)"
238
@applier.expects(:puts).with "+ host3 (fingerprint)"
239
@applier.expects(:puts).with "+ host4 (fingerprint)"
247
describe "and :all was provided" do
248
it "should print all certificates" do
249
@ca.expects(:list).returns %w{host1 host2}
251
@applier = @class.new(:print, :to => :all)
253
@ca.expects(:print).with("host1").returns "h1"
254
@applier.expects(:puts).with "h1"
256
@ca.expects(:print).with("host2").returns "h2"
257
@applier.expects(:puts).with "h2"
263
describe "and an array of names was provided" do
264
it "should print each named certificate if found" do
265
@applier = @class.new(:print, :to => %w{host1 host2})
267
@ca.expects(:print).with("host1").returns "h1"
268
@applier.expects(:puts).with "h1"
270
@ca.expects(:print).with("host2").returns "h2"
271
@applier.expects(:puts).with "h2"
276
it "should log any named but not found certificates" do
277
@applier = @class.new(:print, :to => %w{host1 host2})
279
@ca.expects(:print).with("host1").returns "h1"
280
@applier.expects(:puts).with "h1"
282
@ca.expects(:print).with("host2").returns nil
283
Puppet.expects(:err).with { |msg| msg.include?("host2") }
290
describe ":fingerprint" do
291
it "should fingerprint with the set digest algorithm" do
292
@applier = @class.new(:fingerprint, :to => %w{host1}, :digest => :digest)
294
@ca.expects(:fingerprint).with("host1", :digest).returns "fingerprint1"
295
@applier.expects(:puts).with "host1 fingerprint1"
300
describe "and :all was provided" do
301
it "should fingerprint all certificates (including waiting ones)" do
302
@ca.expects(:list).returns %w{host1}
303
@ca.expects(:waiting?).returns %w{host2}
305
@applier = @class.new(:fingerprint, :to => :all)
307
@ca.expects(:fingerprint).with("host1", :MD5).returns "fingerprint1"
308
@applier.expects(:puts).with "host1 fingerprint1"
310
@ca.expects(:fingerprint).with("host2", :MD5).returns "fingerprint2"
311
@applier.expects(:puts).with "host2 fingerprint2"
317
describe "and an array of names was provided" do
318
it "should print each named certificate if found" do
319
@applier = @class.new(:fingerprint, :to => %w{host1 host2})
321
@ca.expects(:fingerprint).with("host1", :MD5).returns "fingerprint1"
322
@applier.expects(:puts).with "host1 fingerprint1"
324
@ca.expects(:fingerprint).with("host2", :MD5).returns "fingerprint2"
325
@applier.expects(:puts).with "host2 fingerprint2"